From: "Ard Biesheuvel"
Date: Mon, 13 May 2024 16:30:18 +0200
Subject: Re: [edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237
To: devel@edk2.groups.io, dougflick@microsoft.com
Cc: Saloni Kasbekar, Zachary Clark-williams
In-Reply-To: <20240509055633.828642-9-doug.edk2@gmail.com>

Could we please include gEfiRngAlgorithmArmRndr in the list of
accepted RNG protocols? The ARM architecture reference mandates the
use of a DRBG that complies with NIST SP800-90A Rev 1 to produce the
random output emitted by RNDR/RNDRRS, and so it matches the
requirement imposed by this change.

On Thu, 9 May 2024 at 07:57, Doug Flick via groups.io wrote:
>
> From: Doug Flick
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
>
> Bug Overview:
> PixieFail Bug #9
> CVE-2023-45237
> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
> CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
>
> Use of a Weak PseudoRandom Number Generator
>
> Change Overview:
>
> Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
>
> >
> > EFI_STATUS
> > EFIAPI
> > PseudoRandomU32 (
> >   OUT UINT32 *Output
> >   );
> >
>
> or (depending on the use case)
>
> >
> > EFI_STATUS
> > EFIAPI
> > PseudoRandom (
> >   OUT VOID *Output,
> >   IN UINTN OutputLength
> >   );
> >
>
> This is because the use of
>
> Example:
>
> The following code snippet PseudoRandomU32 () function is used:
>
> >
> > UINT32 Random;
> >
> > Status = PseudoRandomU32 (&Random);
> > if (EFI_ERROR (Status)) {
> >   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
> >   return Status;
> > }
> >
>
> This also introduces a new PCD to enable/disable the use of the
> secure implementation of algorithms for PseudoRandom () and
> instead depend on the default implementation. This may be required for
> some platforms where the UEFI Spec defined algorithms are not available.
>
> >
> > PcdEnforceSecureRngAlgorithms
> >
>
> If the platform does not have any one of the UEFI defined
> secure RNG algorithms then the driver will assert.
>
> Cc: Saloni Kasbekar
> Cc: Zachary Clark-williams
> > Signed-off-by: Doug Flick [MSFT] > --- > NetworkPkg/NetworkPkg.dec | 7 ++ > NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 13 +- > NetworkPkg/TcpDxe/TcpDxe.inf | 3 + > NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +- > NetworkPkg/Include/Library/NetLib.h | 40 ++++-- > NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +- > NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +- > NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +- > NetworkPkg/DnsDxe/DnsDhcp.c | 10 +- > NetworkPkg/DnsDxe/DnsImpl.c | 11 +- > NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +- > NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++- > NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +-- > NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +- > NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +- > NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++- > NetworkPkg/Ip6Dxe/Ip6If.c | 12 +- > NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +- > NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++++- > NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 129 +++++++++++++++++--- > NetworkPkg/TcpDxe/TcpDriver.c | 15 ++- > NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +- > NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +- > NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +- > NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +- > NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +- > NetworkPkg/SecurityFixes.yaml | 39 ++++++ > 27 files changed, 408 insertions(+), 83 deletions(-) > > diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec > index e06f35e7747c..7c4289b77b21 100644 > --- a/NetworkPkg/NetworkPkg.dec > +++ b/NetworkPkg/NetworkPkg.dec > @@ -5,6 +5,7 @@ > # > # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
> # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
> +# Copyright (c) Microsoft Corporation > # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] > # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call. > gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C > > + ## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections. > + # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms. > + # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider. > + # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms. > + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D > + > [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355). > # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT] > diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > index 8145d256ec10..236ccd362efe 100644 > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > @@ -3,6 +3,7 @@ > # > # Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> +# Copyright (c) Microsoft Corporation > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > ## > @@ -49,7 +50,10 @@ [Guids] > gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable > gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable > gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES > - > + gEfiRngAlgorithmRaw ## CONSUMES > + gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES > + gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES > + gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES > > [Protocols] > gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES > @@ -59,3 +63,10 @@ [Protocols] > gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES > gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES > gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES > + gEfiRngProtocolGuid ## CONSUMES > + > +[FixedPcd] > + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES > + > +[Depex] > + gEfiRngProtocolGuid > diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf > index c0acbdca5700..cf5423f4c537 100644 > --- a/NetworkPkg/TcpDxe/TcpDxe.inf > +++ b/NetworkPkg/TcpDxe/TcpDxe.inf > @@ -82,5 +82,8 @@ [Protocols] > gEfiTcp6ProtocolGuid ## BY_START > gEfiTcp6ServiceBindingProtocolGuid ## BY_START > > +[Depex] > + gEfiHash2ServiceBindingProtocolGuid > + > [UserExtensions.TianoCore."ExtraFiles"] > TcpDxeExtra.uni > diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h > index a951eee70ec9..91b2cd22613d 100644 > --- a/NetworkPkg/IScsiDxe/IScsiMisc.h > +++ b/NetworkPkg/IScsiDxe/IScsiMisc.h > @@ -2,6 +2,7 @@ > Miscellaneous definitions for iSCSI driver. > > Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -202,8 +203,11 @@ IScsiNetNtoi ( > @param[in, out] Rand The buffer to contain random numbers. > @param[in] RandLength The length of the Rand buffer. > > + @retval EFI_SUCCESS on success > + @retval others on error > + > **/ > -VOID > +EFI_STATUS > IScsiGenRandom ( > IN OUT UINT8 *Rand, > IN UINTN RandLength > diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h > index 8c0e62b3889c..e8108b79db8f 100644 > --- a/NetworkPkg/Include/Library/NetLib.h > +++ b/NetworkPkg/Include/Library/NetLib.h > @@ -3,6 +3,7 @@ > It provides basic functions for the UEFI network stack. > > Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr; > #define TICKS_PER_MS 10000U > #define TICKS_PER_SECOND 10000000U > > -#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % 4294967295UL) > - > /** > Extract a UINT32 from a byte stream. > > @@ -580,19 +579,40 @@ NetPutUint32 ( > ); > > /** > - Initialize a random seed using current time and monotonic count. > + Generate a Random output data given a length. > > - Get current time and monotonic count first. Then initialize a random seed > - based on some basic mathematics operation on the hour, day, minute, second, > - nanosecond and year of the current time and the monotonic count value. > + @param[out] Output - The buffer to store the generated random data. > + @param[in] OutputLength - The length of the output buffer. > > - @return The random seed initialized with current time. > + @retval EFI_SUCCESS On Success > + @retval EFI_INVALID_PARAMETER Pointer is null or size is zero > + @retval EFI_NOT_FOUND RNG protocol not found > + @retval Others Error from RngProtocol->GetRNG() > > + @return Status code > **/ > -UINT32 > +EFI_STATUS > EFIAPI > -NetRandomInitSeed ( > - VOID > +PseudoRandom ( > + OUT VOID *Output, > + IN UINTN OutputLength > + ); > + > +/** > + Generate a 32-bit pseudo-random number. > + > + @param[out] Output - The buffer to store the generated random number. > + > + @retval EFI_SUCCESS On Success > + @retval EFI_NOT_FOUND RNG protocol not found > + @retval Others Error from RngProtocol->GetRNG() > + > + @return Status code > +**/ > +EFI_STATUS > +EFIAPI > +PseudoRandomU32 ( > + OUT UINT32 *Output > ); > > #define NET_LIST_USER_STRUCT(Entry, Type, Field) \ > diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h > index bf64e9114e13..5795e23c7d71 100644 > --- a/NetworkPkg/Ip6Dxe/Ip6Nd.h > +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h 
> @@ -2,7 +2,7 @@ > Definition of Neighbor Discovery support routines. > > Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -780,10 +780,10 @@ Ip6OnArpResolved ( > /** > Update the ReachableTime in IP6 service binding instance data, in milliseconds. > > - @param[in, out] IpSb Points to the IP6_SERVICE. > - > + @retval EFI_SUCCESS ReachableTime Updated > + @retval others Failed to update ReachableTime > **/ > -VOID > +EFI_STATUS > Ip6UpdateReachableTime ( > IN OUT IP6_SERVICE *IpSb > ); > diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c > index 8c37e93be3a8..892caee36846 100644 > --- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c > +++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c > @@ -1,6 +1,7 @@ > /** @file > > Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -189,6 +190,13 @@ Dhcp4CreateService ( > { > DHCP_SERVICE *DhcpSb; > EFI_STATUS Status; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > *Service = NULL; > DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE)); > @@ -203,7 +211,7 @@ Dhcp4CreateService ( > DhcpSb->Image = ImageHandle; > InitializeListHead (&DhcpSb->Children); > DhcpSb->DhcpState = Dhcp4Stopped; > - DhcpSb->Xid = NET_RANDOM (NetRandomInitSeed ()); > + DhcpSb->Xid = Random; > CopyMem ( > &DhcpSb->ServiceBinding, > &mDhcp4ServiceBindingTemplate, > diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c > index b591a4605bc9..e7f2787a98ba 100644 > --- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c > +++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c > @@ -3,7 +3,7 @@ > implementation for Dhcp6 Driver. > > Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -123,6 +123,13 @@ Dhcp6CreateService ( > { > DHCP6_SERVICE *Dhcp6Srv; > EFI_STATUS Status; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > *Service = NULL; > Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE)); > @@ -147,7 +154,7 @@ Dhcp6CreateService ( > Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE; > Dhcp6Srv->Controller = Controller; > Dhcp6Srv->Image = ImageHandle; > - Dhcp6Srv->Xid = (0xffffff & NET_RANDOM (NetRandomInitSeed ())); > + Dhcp6Srv->Xid = (0xffffff & Random); > > CopyMem ( > &Dhcp6Srv->ServiceBinding, > diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c > index 933565a32df1..9eb3c1d2d81d 100644 > --- a/NetworkPkg/DnsDxe/DnsDhcp.c > +++ b/NetworkPkg/DnsDxe/DnsDhcp.c > @@ -2,6 +2,7 @@ > Functions implementation related with DHCPv4/v6 for DNS driver. > > Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 ( > EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token; > BOOLEAN IsDone; > UINTN Index; > + UINT32 Random; > > Image = Instance->Service->ImageHandle; > Controller = Instance->Service->ControllerHandle; > @@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 ( > Data = NULL; > InterfaceInfo = NULL; > > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > ZeroMem ((UINT8 *)ParaList, sizeof (ParaList)); > > ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA)); > @@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 ( > > Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet); > > - Token.Packet->Dhcp4.Header.Xid = HTONL (NET_RANDOM (NetRandomInitSeed ())); > + Token.Packet->Dhcp4.Header.Xid = Random; > > Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000); > > diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c > index d311812800fd..c2629bb8df1f 100644 > --- a/NetworkPkg/DnsDxe/DnsImpl.c > +++ b/NetworkPkg/DnsDxe/DnsImpl.c > @@ -2,6 +2,7 @@ > DnsDxe support functions implementation. > > Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -1963,6 +1964,14 @@ ConstructDNSQuery ( > NET_FRAGMENT Frag; > DNS_HEADER *DnsHeader; > DNS_QUERY_SECTION *DnsQuery; > + EFI_STATUS Status; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > // > // Messages carried by UDP are restricted to 512 bytes (not counting the IP > @@ -1977,7 +1986,7 @@ ConstructDNSQuery ( > // Fill header > // > DnsHeader = (DNS_HEADER *)Frag.Bulk; > - DnsHeader->Identification = (UINT16)NET_RANDOM (NetRandomInitSeed ()); > + DnsHeader->Identification = (UINT16)Random; > DnsHeader->Flags.Uint16 = 0x0000; > DnsHeader->Flags.Bits.RD = 1; > DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD; > diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > index b22cef4ff587..f964515b0fa6 100644 > --- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > +++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > @@ -2,6 +2,7 @@ > Functions implementation related with DHCPv6 for HTTP boot driver. > > Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -951,6 +952,7 @@ HttpBootDhcp6Sarr ( > UINT32 OptCount; > UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE]; > EFI_STATUS Status; > + UINT32 Random; > > Dhcp6 = Private->Dhcp6; > ASSERT (Dhcp6 != NULL); > @@ -961,6 +963,12 @@ HttpBootDhcp6Sarr ( > OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer); > ASSERT (OptCount > 0); > > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION)); > if (Retransmit == NULL) { > return EFI_OUT_OF_RESOURCES; > @@ -976,7 +984,7 @@ HttpBootDhcp6Sarr ( > Config.IaInfoEvent = NULL; > Config.RapidCommit = FALSE; > Config.ReconfigureAccept = FALSE; > - Config.IaDescriptor.IaId = NET_RANDOM (NetRandomInitSeed ()); > + Config.IaDescriptor.IaId = Random; > Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA; > Config.SolicitRetransmission = Retransmit; > Retransmit->Irt = 4; > diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c > index b507f11cd45e..bebb1ac29b9c 100644 > --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c > +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c > @@ -3,6 +3,7 @@ > Configuration. > > Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -576,16 +577,24 @@ IScsiCHAPToSendReq ( > // > // CHAP_I= > // > - IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1); > + Status = IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1); > + if (EFI_ERROR (Status)) { > + break; > + } > + > AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier); > IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr); > // > // CHAP_C= > // > - IScsiGenRandom ( > - (UINT8 *)AuthData->OutChallenge, > - AuthData->Hash->DigestSize > - ); > + Status = IScsiGenRandom ( > + (UINT8 *)AuthData->OutChallenge, > + AuthData->Hash->DigestSize > + ); > + if (EFI_ERROR (Status)) { > + break; > + } > + > BinToHexStatus = IScsiBinToHex ( > (UINT8 *)AuthData->OutChallenge, > AuthData->Hash->DigestSize, > diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c > index 78dc5c73d35a..2159b8494963 100644 > --- a/NetworkPkg/IScsiDxe/IScsiMisc.c > +++ b/NetworkPkg/IScsiDxe/IScsiMisc.c > @@ -2,6 +2,7 @@ > Miscellaneous routines for iSCSI driver. > > Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -474,20 +475,17 @@ IScsiNetNtoi ( > @param[in, out] Rand The buffer to contain random numbers. > @param[in] RandLength The length of the Rand buffer. > > + @retval EFI_SUCCESS on success > + @retval others on error > + > **/ > -VOID > +EFI_STATUS > IScsiGenRandom ( > IN OUT UINT8 *Rand, > IN UINTN RandLength > ) > { > - UINT32 Random; > - > - while (RandLength > 0) { > - Random = NET_RANDOM (NetRandomInitSeed ()); > - *Rand++ = (UINT8)(Random); > - RandLength--; > - } > + return PseudoRandom (Rand, RandLength); > } > > /** > diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c > index ec483ff01fa9..683423f38dc7 100644 > --- a/NetworkPkg/Ip4Dxe/Ip4Driver.c > +++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c > @@ -2,6 +2,7 @@ > The driver binding and service binding protocol for IP4 driver. > > Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > @@ -549,11 +550,18 @@ Ip4DriverBindingStart ( > EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2; > UINTN Index; > IP4_CONFIG2_DATA_ITEM *DataItem; > + UINT32 Random; > > IpSb = NULL; > Ip4Cfg2 = NULL; > DataItem = NULL; > > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > // > // Test for the Ip4 service binding protocol > // > @@ -653,7 +661,7 @@ Ip4DriverBindingStart ( > // > // Initialize the IP4 ID > // > - mIp4Id = (UINT16)NET_RANDOM (NetRandomInitSeed ()); > + mIp4Id = (UINT16)Random; > > return Status; > > diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c > index 70e232ce6c4d..4c1354d26cc1 100644 > --- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c > +++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c > @@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance ( > UINTN Index; > UINT16 IfIndex; > IP6_CONFIG_DATA_ITEM *DataItem; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance); > > @@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance ( > // The NV variable is not set, so generate a random IAID, and write down the > // fresh new configuration as the NV variable now. > // > - Instance->IaId = NET_RANDOM (NetRandomInitSeed ()); > + Instance->IaId = Random; > > for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) { > Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31)); > diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c > index b483a7d136d9..cbe011dad472 100644 > --- a/NetworkPkg/Ip6Dxe/Ip6Driver.c > +++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c > @@ -3,7 +3,7 @@ > > Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -316,7 +316,11 @@ Ip6CreateService ( > IpSb->CurHopLimit = IP6_HOP_LIMIT; > IpSb->LinkMTU = IP6_MIN_LINK_MTU; > IpSb->BaseReachableTime = IP6_REACHABLE_TIME; > - Ip6UpdateReachableTime (IpSb); > + Status = Ip6UpdateReachableTime (IpSb); > + if (EFI_ERROR (Status)) { > + goto ON_ERROR; > + } > + > // > // RFC4861 RETRANS_TIMER: 1,000 milliseconds > // > @@ -516,11 +520,18 @@ Ip6DriverBindingStart ( > EFI_STATUS Status; > EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg; > IP6_CONFIG_DATA_ITEM *DataItem; > + UINT32 Random; > > IpSb = NULL; > Ip6Cfg = NULL; > DataItem = NULL; > > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > // > // Test for the Ip6 service binding protocol > // > @@ -656,7 +667,7 @@ Ip6DriverBindingStart ( > // > // Initialize the IP6 ID > // > - mIp6Id = NET_RANDOM (NetRandomInitSeed ()); > + mIp6Id = Random; > > return EFI_SUCCESS; > > diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c > index 4629c05f25a0..f3d11c4d2155 100644 > --- a/NetworkPkg/Ip6Dxe/Ip6If.c > +++ b/NetworkPkg/Ip6Dxe/Ip6If.c > @@ -2,7 +2,7 @@ > Implement IP6 pseudo interface. > > Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -89,6 +89,14 @@ Ip6SetAddress ( > IP6_PREFIX_LIST_ENTRY *PrefixEntry; > UINT64 Delay; > IP6_DELAY_JOIN_LIST *DelayNode; > + EFI_STATUS Status; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE); > > @@ -164,7 +172,7 @@ Ip6SetAddress ( > // Thus queue the address to be processed in Duplicate Address Detection module > // after the delay time (in milliseconds). > // > - Delay = (UINT64)NET_RANDOM (NetRandomInitSeed ()); > + Delay = (UINT64)Random; > Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS); > Delay = RShiftU64 (Delay, 32); > > diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c > index e6b2b653e295..498a11854305 100644 > --- a/NetworkPkg/Ip6Dxe/Ip6Mld.c > +++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c > @@ -696,7 +696,15 @@ Ip6UpdateDelayTimer ( > IN OUT IP6_MLD_GROUP *Group > ) > { > - UINT32 Delay; > + UINT32 Delay; > + EFI_STATUS Status; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > // > // If the Query packet specifies a Maximum Response Delay of zero, perform timer > @@ -715,7 +723,7 @@ Ip6UpdateDelayTimer ( > // is less than the remaining value of the running timer. > // > if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) { > - Group->DelayTimer = Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ()); > + Group->DelayTimer = Delay / 4294967295UL * Random; > } > > return EFI_SUCCESS; > diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c > index c10c7017f88d..72aa45c10f3f 100644 > --- a/NetworkPkg/Ip6Dxe/Ip6Nd.c > +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c 
> @@ -2,7 +2,7 @@ > Implementation of Neighbor Discovery support routines. > > Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress; > > @param[in, out] IpSb Points to the IP6_SERVICE. > > + @retval EFI_SUCCESS ReachableTime Updated > + @retval others Failed to update ReachableTime > **/ > -VOID > +EFI_STATUS > Ip6UpdateReachableTime ( > IN OUT IP6_SERVICE *IpSb > ) > { > - UINT32 Random; > + UINT32 Random; > + EFI_STATUS Status; > > - Random = (NetRandomInitSeed () / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE; > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > + Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE; > Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED; > IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE; > + > + return EFI_SUCCESS; > } > > /** > @@ -972,10 +983,17 @@ Ip6InitDADProcess ( > IP6_SERVICE *IpSb; > EFI_STATUS Status; > UINT32 MaxDelayTick; > + UINT32 Random; > > NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE); > ASSERT (AddressInfo != NULL); > > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > // > // Do nothing if we have already started DAD on the address. > // > @@ -1014,7 +1032,7 @@ Ip6InitDADProcess ( > Entry->Transmit = 0; > Entry->Receive = 0; > MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS; > - Entry->RetransTick = (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + 1)) / 5; > + Entry->RetransTick = (MaxDelayTick * ((Random % 5) + 1)) / 5; > Entry->AddressInfo = AddressInfo; > Entry->Callback = Callback; > Entry->Context = Context; 
> @@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise ( > // in BaseReachableTime and recompute a ReachableTime. > // > IpSb->BaseReachableTime = ReachableTime; > - Ip6UpdateReachableTime (IpSb); > + Status = Ip6UpdateReachableTime (IpSb); > + if (EFI_ERROR (Status)) { > + goto Exit; > + } > } > > if (RetransTimer != 0) { > diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > index fd4a9e15a892..b13853b23c7e 100644 > --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c > @@ -3,6 +3,7 @@ > > Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
> (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > **/ > > @@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include > > #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) > #define DEFAULT_ZERO_START ((UINTN) ~0) > @@ -127,6 +129,24 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = { > 0 > }; > > +// > +// These represent UEFI SPEC defined algorithms that should be supported by > +// the RNG protocol and are generally considered secure. > +// > +// The order of the algorithms in this array is important. This order is the order > +// in which the algorithms will be tried by the RNG protocol. > +// If your platform needs to use a specific algorithm for the random number generator, > +// then you should place that algorithm first in the array. > +// > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = { > + &gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256 > + &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256 > + &gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256 > + &gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG) > +}; > + > +#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *)) > + > /** > Locate the handles that support SNP, then open one of them > to send the syslog packets. The caller isn't required to close 
> @@ -884,34 +904,107 @@ Ip6Swap128 ( > } > > /** > - Initialize a random seed using current time and monotonic count. > + Generate a Random output data given a length. > > - Get current time and monotonic count first. Then initialize a random seed > - based on some basic mathematics operation on the hour, day, minute, second, > - nanosecond and year of the current time and the monotonic count value. > + @param[out] Output - The buffer to store the generated random data. > + @param[in] OutputLength - The length of the output buffer. > > - @return The random seed initialized with current time. > + @retval EFI_SUCCESS On Success > + @retval EFI_INVALID_PARAMETER Pointer is null or size is zero > + @retval EFI_NOT_FOUND RNG protocol not found > + @retval Others Error from RngProtocol->GetRNG() > > + @return Status code > **/ > -UINT32 > +EFI_STATUS > EFIAPI > -NetRandomInitSeed ( > - VOID > +PseudoRandom ( > + OUT VOID *Output, > + IN UINTN OutputLength > ) > { > - EFI_TIME Time; > - UINT32 Seed; > - UINT64 MonotonicCount; > + EFI_RNG_PROTOCOL *RngProtocol; > + EFI_STATUS Status; > + UINTN AlgorithmIndex; > > - gRT->GetTime (&Time, NULL); > - Seed = (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second); > - Seed ^= Time.Nanosecond; > - Seed ^= Time.Year << 7; > + if ((Output == NULL) || (OutputLength == 0)) { > + return EFI_INVALID_PARAMETER; > + } > > - gBS->GetNextMonotonicCount (&MonotonicCount); > - Seed += (UINT32)MonotonicCount; > + Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } > > - return Seed; > + if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) { > + for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) { > + Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 
*)Output); > + if (!EFI_ERROR (Status)) { > + // > + // Secure Algorithm was supported on this platform > + // > + return EFI_SUCCESS; > + } else if (Status == EFI_UNSUPPORTED) { > + // > + // Secure Algorithm was not supported on this platform > + // > + DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); > + > + // > + // Try the next secure algorithm > + // > + continue; > + } else { > + // > + // Some other error occurred > + // > + DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } > + } > + > + // > + // If we get here, we failed to generate random data using any secure algorithm > + // Platform owner should ensure that at least one secure algorithm is supported > + // > + ASSERT_EFI_ERROR (Status); > + return Status; > + } > + > + // > + // Lets try using the default algorithm (which may not be secure) > + // > + Status = RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 *)Output); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status)); > + ASSERT_EFI_ERROR (Status); > + return Status; > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Generate a 32-bit pseudo-random number. > + > + @param[out] Output - The buffer to store the generated random number. > + > + @retval EFI_SUCCESS On Success > + @retval EFI_NOT_FOUND RNG protocol not found > + @retval Others Error from RngProtocol->GetRNG() > + > + @return Status code > +**/ > +EFI_STATUS > +EFIAPI > +PseudoRandomU32 ( > + OUT UINT32 *Output > + ) > +{ > + return PseudoRandom (Output, sizeof (*Output)); > } > > /** > diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c > index 98a90e02109b..8fe6badd687c 100644 > --- a/NetworkPkg/TcpDxe/TcpDriver.c > +++ b/NetworkPkg/TcpDxe/TcpDriver.c 
> @@ -2,7 +2,7 @@ > The driver binding and service binding protocol for the TCP driver. > > Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -163,7 +163,13 @@ TcpDriverEntryPoint ( > ) > { > EFI_STATUS Status; > - UINT32 Seed; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > // > // Install the TCP Driver Binding Protocol > @@ -203,9 +209,8 @@ TcpDriverEntryPoint ( > // > // Initialize ISS and random port. > // > - Seed = NetRandomInitSeed (); > - mTcpGlobalIss = NET_RANDOM (Seed) % mTcpGlobalIss; > - mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_PORT_KNOWN)); > + mTcpGlobalIss = Random % mTcpGlobalIss; > + mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN)); > mTcp6RandomPort = mTcp4RandomPort; > > return EFI_SUCCESS; > diff --git a/NetworkPkg/Udp4Dxe/Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Driver.c > index cb917fcfc90f..c7ea16f4cd6f 100644 > --- a/NetworkPkg/Udp4Dxe/Udp4Driver.c > +++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c > @@ -1,6 +1,7 @@ > /** @file > > Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -555,6 +556,13 @@ Udp4DriverEntryPoint ( > ) > { > EFI_STATUS Status; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > // > // Install the Udp4DriverBinding and Udp4ComponentName protocols. > @@ -571,7 +579,7 @@ Udp4DriverEntryPoint ( > // > // Initialize the UDP random port. > // > - mUdp4RandomPort = (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN); > + mUdp4RandomPort = (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN); > } > > return Status; > diff --git a/NetworkPkg/Udp6Dxe/Udp6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Driver.c > index ae96fb996627..edb758d57ca4 100644 > --- a/NetworkPkg/Udp6Dxe/Udp6Driver.c > +++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c > @@ -2,7 +2,7 @@ > Driver Binding functions and Service Binding functions for the Network driver module. > > Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -596,6 +596,13 @@ Udp6DriverEntryPoint ( > ) > { > EFI_STATUS Status; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > > // > // Install the Udp6DriverBinding and Udp6ComponentName protocols. > @@ -614,7 +621,7 @@ Udp6DriverEntryPoint ( > // Initialize the UDP random port. > // > mUdp6RandomPort = (UINT16)( > - ((UINT16)NetRandomInitSeed ()) % > + ((UINT16)Random) % > UDP6_PORT_KNOWN + > UDP6_PORT_KNOWN > ); > diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > index 91146b78cb1e..452038c2194c 100644 > --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > @@ -2,7 +2,7 @@ > Functions implementation related with DHCPv4 for UefiPxeBc Driver. > > Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
> - > + Copyright (c) Microsoft Corporation > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover ( > UINT8 VendorOptLen; > UINT32 Xid; > > + Status = PseudoRandomU32 (&Xid); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > Mode = Private->PxeBc.Mode; > Dhcp4 = Private->Dhcp4; > Status = EFI_SUCCESS; > @@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover ( > // > // Set fields of the token for the request packet. > // > - Xid = NET_RANDOM (NetRandomInitSeed ()); > Token.Packet->Dhcp4.Header.Xid = HTONL (Xid); > Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0)); > CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS)); > diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > index 7fd1281c1184..bcabbd221983 100644 > --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > @@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover ( > UINTN ReadSize; > UINT16 OpCode; > UINT16 OpLen; > - UINT32 Xid; > + UINT32 Random; > EFI_STATUS Status; > UINTN DiscoverLenNeeded; > > @@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover ( > return EFI_DEVICE_ERROR; > } > > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); > + return Status; > + } > + > DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET); > Discover = AllocateZeroPool (DiscoverLenNeeded); > if (Discover == NULL) { 
> @@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover ( > // > // Build the discover packet by the cached request packet before. > // > - Xid = NET_RANDOM (NetRandomInitSeed ()); > - Discover->TransactionId = HTONL (Xid); > + Discover->TransactionId = HTONL (Random); > Discover->MessageType = Request->Dhcp6.Header.MessageType; > RequestOpt = Request->Dhcp6.Option; > DiscoverOpt = Discover->DhcpOptions; > diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c > index d84aca7e85ab..4cd915b41157 100644 > --- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c > +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c > @@ -3,6 +3,7 @@ > > (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
> Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
> + Copyright (c) Microsoft Corporation > > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -892,6 +893,13 @@ PxeBcCreateIp6Children ( > PXEBC_PRIVATE_PROTOCOL *Id; > EFI_SIMPLE_NETWORK_PROTOCOL *Snp; > UINTN Index; > + UINT32 Random; > + > + Status = PseudoRandomU32 (&Random); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n", Status)); > + return Status; > + } > > if (Private->Ip6Nic != NULL) { > // > @@ -935,9 +943,9 @@ PxeBcCreateIp6Children ( > } > > // > - // Generate a random IAID for the Dhcp6 assigned address. > + // Set a random IAID for the Dhcp6 assigned address. > // > - Private->IaId = NET_RANDOM (NetRandomInitSeed ()); > + Private->IaId = Random; > if (Private->Snp != NULL) { > for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) { > Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31)); > diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml > index fa42025e0d82..20a4555019d9 100644 > --- a/NetworkPkg/SecurityFixes.yaml > +++ b/NetworkPkg/SecurityFixes.yaml 
> @@ -122,3 +122,42 @@ CVE_2023_45235: > - http://www.openwall.com/lists/oss-security/2024/01/16/2 > - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html > - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html > +CVE_2023_45237: > + commit_titles: > + - "NetworkPkg:: SECURITY PATCH CVE 2023-45237" > + cve: CVE-2023-45237 > + date_reported: 2023-08-28 13:56 UTC > + description: "Bug 09 - Use of a Weak PseudoRandom Number Generator" > + note: > + files_impacted: > + - NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c > + - NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c > + - NetworkPkg/DnsDxe/DnsDhcp.c > + - NetworkPkg/DnsDxe/DnsImpl.c > + - NetworkPkg/HttpBootDxe/HttpBootDhcp6.c > + - NetworkPkg/IScsiDxe/IScsiCHAP.c > + - NetworkPkg/IScsiDxe/IScsiMisc.c > + - NetworkPkg/IScsiDxe/IScsiMisc.h > + - NetworkPkg/Include/Library/NetLib.h > + - NetworkPkg/Ip4Dxe/Ip4Driver.c > + - NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c > + - NetworkPkg/Ip6Dxe/Ip6Driver.c > + - NetworkPkg/Ip6Dxe/Ip6If.c > + - NetworkPkg/Ip6Dxe/Ip6Mld.c > + - NetworkPkg/Ip6Dxe/Ip6Nd.c > + - NetworkPkg/Ip6Dxe/Ip6Nd.h > + - NetworkPkg/Library/DxeNetLib/DxeNetLib.c > + - NetworkPkg/Library/DxeNetLib/DxeNetLib.inf > + - NetworkPkg/NetworkPkg.dec > + - NetworkPkg/TcpDxe/TcpDriver.c > + - NetworkPkg/Udp4Dxe/Udp4Driver.c > + - NetworkPkg/Udp6Dxe/Udp6Driver.c > + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c > + - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c > + - NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c > + links: > + - https://bugzilla.tianocore.org/show_bug.cgi?id=4542 > + - https://nvd.nist.gov/vuln/detail/CVE-2023-45237 > + - http://www.openwall.com/lists/oss-security/2024/01/16/2 > + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html > + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html > -- > 2.34.1 > > > > ------------ > Groups.io Links: You receive all messages sent to this group. 
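Review bot: In the hunk at @@ -127,6 +129,24 @@, mSecureHashAlgorithms and SECURE_HASH_ALGORITHMS_SIZE name a list of RNG algorithm GUIDs, not hash algorithms, so the identifiers will mislead anyone reading PseudoRandom (); something like mSecureRngAlgorithms would match what the array holds. The comment also tells platform owners to reorder the array to prefer an algorithm, which means patching shared library source; the request earlier in this reply to add gEfiRngAlgorithmArmRndr shows the fixed list is already too narrow for some platforms, so a platform-configurable list would be worth considering.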
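Review bot: In PseudoRandom () (hunk @@ -884,34 +904,107 @@), ASSERT_EFI_ERROR (Status) follows both the failed LocateProtocol call and the exhausted algorithm loop, so a platform that lacks EFI_RNG_PROTOCOL or any listed algorithm stops on the assert in builds with asserts enabled instead of returning the error that every caller in this patch already checks. These are platform configuration conditions, not programming errors; the DEBUG_ERROR message plus the returned status should be enough. Two smaller points in the same hunk: AlgorithmIndex is a UINTN but is printed with %d, and the function header lists EFI_NOT_FOUND but not EFI_UNSUPPORTED, which is what the loop returns when none of the listed algorithms is available.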
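Review bot: In TcpDriverEntryPoint () (hunk @@ -203,9 +209,8 @@), mTcpGlobalIss and mTcp4RandomPort are both derived from the same Random value (Random % mTcpGlobalIss and Random % TCP_PORT_KNOWN), so the initial sequence number base and the first ephemeral port are correlated rather than independent. Draw a separate value for each, either with two PseudoRandomU32 () calls or by filling a two-element buffer with PseudoRandom (), so that observing the port gives no information about the ISS.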
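Review bot: In PxeBcCreateIp6Children () (hunk @@ -935,9 +943,9 @@), Private->IaId = Random is immediately followed by the existing loop that ORs the hardware address bytes into it (Private->IaId |= ...), which can only set bits and so leaves fewer random bits in the IAID than PseudoRandomU32 () supplied. If the intent is to mix the address into the random value, XOR would keep the randomness; if the IAID does not need to be unpredictable, the comment should say so. The DEBUG message in the earlier hunk of this file also drops the "%a ... __func__" prefix that the other callers in this patch use.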
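Review bot: In the NetworkPkg/SecurityFixes.yaml hunk, the commit_titles entry reads "NetworkPkg:: SECURITY PATCH CVE 2023-45237" while the subject of this patch is "NetworkPkg:: SECURITY PATCH CVE-2023-45237", so anything that matches the recorded title against the commit log will miss it; make the two identical (and decide whether the double colon is intended). The note: key is left empty; either fill it in or confirm that an empty value is what the other entries in this file use.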